Vendor: JavaMail API
By: SecurityFocus
CVSS: 8.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: JavaMail API
Affected Version From: Sun JavaMail API 1.3.1
Affected Version To: Sun JavaMail API 1.4.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:sun:java_mail_api
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

MimeMessage Method Validation Vulnerability

The MimeMessage method in the Sun JavaMail API does not sufficiently validate the message number values passed to it during requests. An attacker who can successfully authenticate to an email server implementation written using the Sun JavaMail API may exploit this issue to request arbitrary email messages that are stored on the server.

Mitigation:

Ensure that the MimeMessage method is properly validating message number values.
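
One way to apply this mitigation at the application layer, as an added example that is not code from the advisory or from Sun: the `msgno` request parameter is accepted only as a plain decimal number within 1..`getMessageCount()` of a folder opened from the authenticated user's own Store. The class and method names are hypothetical, and the example assumes JavaMail (`javax.mail`) is on the classpath.

```java
import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.MessagingException;

/** Added example: strict msgno validation before a JavaMail lookup. */
public final class SafeMessageLookup {

    /** Thrown for any msgno the caller must not be served. */
    static final class InvalidMsgno extends RuntimeException {
        InvalidMsgno(String why) { super(why); }
    }

    /** Parse the raw request parameter and bound it to 1..messageCount. */
    static int parseMsgno(String raw, int messageCount) {
        // Digits only: rejects null, empty, signs, whitespace, hex, and
        // anything long enough to overflow an int.
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            throw new InvalidMsgno("msgno is not a plain decimal number");
        }
        int n = Integer.parseInt(raw);
        // JavaMail message numbers are 1-based positions within one folder.
        if (n < 1 || n > messageCount) {
            throw new InvalidMsgno("msgno outside 1.." + messageCount);
        }
        return n;
    }

    /** userFolder must have been opened from the authenticated user's Store. */
    static Message fetch(Folder userFolder, String rawMsgno) throws MessagingException {
        if (!userFolder.isOpen()) {
            throw new IllegalStateException("folder is not open");
        }
        int n = parseMsgno(rawMsgno, userFolder.getMessageCount());
        return userFolder.getMessage(n);
    }

    public static void main(String[] args) {
        // Constructed inputs; 10001 is the value from the page's sample URL.
        String[] samples = {"3", "10001", "0", "-1", "7 ", "99999999999", null};
        int messageCount = 12; // constructed: size of the user's own folder
        for (String s : samples) {
            try {
                System.out.println(s + " -> accepted as " + parseMsgno(s, messageCount));
            } catch (InvalidMsgno e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Rejections are worth logging together with the authenticated account name, since repeated out-of-range `msgno` values from one session are a useful detection signal.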

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13683/info

The MimeMessage method in the Sun JavaMail API does not perform sufficient validation on message number values that are passed to the method during requests. An attacker that can successfully authenticate to an email server implementation that is written using the Sun JavaMail API may exploit this issue to make requests for arbitrary email messages that are stored on the server.

http://www.example.com/ReadMessage.jsp?msgno=10001
http://www.example.com/ReadMessage.jsp?msgno=10002